Time stamp

A time stamp is the value of an object that indicates the system time at some critical point in the history of the object.

A time stamp is included in a message to reduce the vulnerability of an application to replay attacks. In web services, a replay attack occurs when an HTTP request is intercepted and the content is resent to the provider in its original form.

Avoid trouble Avoid trouble: When you include a time stamp in a message, you must protect its integrity using transport security, such as secure sockets layer (SSL) or message-level security, such as XML digital signature. If you do not protect the integrity of the time stamp, it is possible to capture the message and retransmit the content with a different time stamp, message expiration date, or both.gotcha

For both the JAX-RPC and JAX-WS WS-Security run times, 5 minutes is the default message expiration time that is used for the receiver if a value is not specified in the message. If a different expiration is required for a specific client or you are unsure of the target service default value, configure a message expiration time value for the outbound time stamp.

Supported configurations Supported configurations: sptcfg

The JAX-WS WS-Security runtime complies with the OASIS WS-SecurityPolicy 1.2 specification Timestamp Required requirement. If you want to configure an application to not require an inbound time stamp when an outbound time stamp is configured you can add the com.ibm.wsspi.wssecurity.consumer.timestampRequired custom property as either an inbound or an inbound/outbound web services security custom property.

[Updated in April 2012] The JAX-WS runtime always puts the timestamp first, but the JAX-RPC runtime does not. If you are using the JAX-RPC WS-Security 1.0 runtime, and want to emit the Timestamp first in the Security header, you must: These properties are set as properties on the Timestamp generator in the Web services deployment descriptor extension. Because it is in the extension, it can only be edited with an Assembly Tool. [Updated in April 2012]
apr2012



Related concepts
Web Services Security enhancements
Related tasks
Configuring the WS-Security policy
Related reference
Message expiration settings
Default bindings and runtime properties for Web Services Security
Web Services Security property configuration settings
Security considerations for web services
Concept topic Concept topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Feb 6, 2014 8:11:25 PM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-nd-mp&topic=cwbs_timestamp
File name: cwbs_timestamp.html